ISO 27001

  • Risk Management – What is it? – Benefits to ISO 27001

    We are going to explore why the focus on a risk-based approach has helped turn ISO 27001, the International Information Security Management Standard, into such a world-beater. Before we dive in, let’s set the scene and try to define what we mean by risk and risk management. What is ‘risk’? Here’s an interesting challenge. Ask […]

  • ISO 27001 Certification – Dispelling the top 5 myths

    There are many good reasons to implement an information security management system (ISMS) and get it certified to ISO 27001, the International Standard for Information Security Management. The most common is that customers or clients, or in some cases stakeholders, want the assurance that an ISO 27001 certificate can provide. At first glance, an ISMS […]

  • What is an ISMS? Why should you implement one

    Information Security Management Systems, ISO 27001 and the Benefits of Implementation. In this blog, we’re going back to basics and looking at some of the fundamentals of information security and ISO 27001, starting with the core ingredient, the information security management system, or ISMS, as it is commonly referred to. What is an Information Security […]

  • What types of evidence should you be collecting when conducting audits?

    A crucial element in performing an audit is the collection and evaluation of evidence. Evidence is used to determine if the process or control being audited is performing as expected. In this blog, we will be exploring how you can define what evidence is required and what are the most effective ways of gathering evidence. Evidence […]

  • Importance of ISO 27001 internal audits

    Definition. With this week’s blog, the spotlight turns to internal audit and specifically in the context of ISO 27001, the International Standard for Information Security Management. We will step right back and look at internal auditing from the perspective of those new to the subject or those trying to understand where and why it fits. […]

  • Understanding information assets

    Definition of information assets. Well, that’s easy, there isn’t one, well at least not one universally accepted definition. ISO/IEC 27000:2018 Overview and vocabulary refers to ‘information asset’ 33 times, but never actually defines it. A frequently (ab)used definition of an information asset is ‘everything that has a value to the organisation’. This is the point […]

  • Vulnerability assessment vs. Penetration testing

    Vulnerability assessment – Penetration testing, can things go wrong? There seems to be a market trend to offer a vulnerability assessment and package it as a penetration testing exercise. Both are security controls in ISO/IEC 27001:2013 Annex A and both have distinct purpose and deliverables. In addition, they both feature quite heavily within the […]

  • What is Meant by Information Classification?

    The focus of this week’s blog is information classification. Let’s start with first principles – What exactly do we mean by information classification? In its simplest form, information classification is the process by which we assess the information we hold and identify the appropriate level of protection it must be given. This protection may focus […]